Beispiel #1
0
class RegisterRequestPayload(Struct):

    def __init__(self,
                 object_type=None,
                 template_attribute=None,
                 secret=None):
        super(self.__class__, self).__init__(Tags.REQUEST_PAYLOAD)

        self.secret_factory = SecretFactory()
        self.object_type = object_type
        self.template_attribute = template_attribute
        self.secret = secret

        self.validate()

    def read(self, istream):
        super(self.__class__, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.template_attribute = TemplateAttribute()

        self.object_type.read(tstream)
        self.template_attribute.read(tstream)

        secret_type = self.object_type.enum
        secret = self.secret_factory.create(secret_type)

        if self.is_tag_next(secret.tag, tstream):
            self.secret = secret
            self.secret.read(tstream)

        self.is_oversized(tstream)
        self.validate()

    def write(self, ostream):
        tstream = BytearrayStream()

        # Write the contents of the request payload
        self.object_type.write(tstream)
        self.template_attribute.write(tstream)

        if self.secret is not None:
            self.secret.write(tstream)

        # Write the length and value of the request payload
        self.length = tstream.length()
        super(self.__class__, self).write(ostream)
        ostream.write(tstream.buffer)

    def validate(self):
        self.__validate()

    def __validate(self):
        # TODO (peter-hamilton) Finish implementation.
        pass
Beispiel #2
0
    def _create_key_pair(self, key_name=None):
        """
        Helper function for creating private and public keys. Used any time
        a key pair needs to be created.
        :param key_name: name of the key to be created
        :return: returns the result of the "create key" operation as
        provided by the KMIP appliance
        """
        attribute_type = AttributeType.CRYPTOGRAPHIC_ALGORITHM
        algorithm = self.attr_factory.create_attribute(attribute_type,
                                                       CryptoAlgorithmEnum.RSA)
        mask_flags = [CryptographicUsageMask.ENCRYPT,
                      CryptographicUsageMask.DECRYPT]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(attribute_type,
                                                        mask_flags)
        key_length = 2048
        attribute_type = AttributeType.CRYPTOGRAPHIC_LENGTH
        key_length_obj = self.attr_factory.create_attribute(attribute_type,
                                                            key_length)
        name = Attribute.AttributeName('Name')

        if key_name is None:
            key_name = 'Integration Test - Key'

        priv_name_value = Name.NameValue(key_name + " Private")
        pub_name_value = Name.NameValue(key_name + " Public")
        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        priv_value = Name(name_value=priv_name_value, name_type=name_type)
        pub_value = Name(name_value=pub_name_value, name_type=name_type)
        priv_name = Attribute(attribute_name=name, attribute_value=priv_value)
        pub_name = Attribute(attribute_name=name, attribute_value=pub_value)

        common_attributes = [algorithm, usage_mask, key_length_obj]
        private_key_attributes = [priv_name]
        public_key_attributes = [pub_name]

        common = TemplateAttribute(
            attributes=common_attributes,
            tag=enums.Tags.COMMON_TEMPLATE_ATTRIBUTE
        )
        priv_templ_attr = TemplateAttribute(
            attributes=private_key_attributes,
            tag=enums.Tags.PRIVATE_KEY_TEMPLATE_ATTRIBUTE
        )
        pub_templ_attr = TemplateAttribute(
            attributes=public_key_attributes,
            tag=enums.Tags.PUBLIC_KEY_TEMPLATE_ATTRIBUTE
        )

        return self.client.\
            create_key_pair(common_template_attribute=common,
                            private_key_template_attribute=priv_templ_attr,
                            public_key_template_attribute=pub_templ_attr)
Beispiel #3
0
    def read(self, istream):
        super(CreateRequestPayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.template_attribute = TemplateAttribute()

        self.object_type.read(tstream)
        self.template_attribute.read(tstream)

        self.is_oversized(tstream)
        self.validate()
Beispiel #4
0
class RegisterRequestPayload(Struct):
    def __init__(self, object_type=None, template_attribute=None, secret=None):
        super(RegisterRequestPayload, self).__init__(Tags.REQUEST_PAYLOAD)

        self.secret_factory = SecretFactory()
        self.object_type = object_type
        self.template_attribute = template_attribute
        self.secret = secret

        self.validate()

    def read(self, istream):
        super(RegisterRequestPayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.template_attribute = TemplateAttribute()

        self.object_type.read(tstream)
        self.template_attribute.read(tstream)

        secret_type = self.object_type.value
        secret = self.secret_factory.create(secret_type)

        if self.is_tag_next(secret.tag, tstream):
            self.secret = secret
            self.secret.read(tstream)

        self.is_oversized(tstream)
        self.validate()

    def write(self, ostream):
        tstream = BytearrayStream()

        # Write the contents of the request payload
        self.object_type.write(tstream)
        self.template_attribute.write(tstream)

        if self.secret is not None:
            self.secret.write(tstream)

        # Write the length and value of the request payload
        self.length = tstream.length()
        super(RegisterRequestPayload, self).write(ostream)
        ostream.write(tstream.buffer)

    def validate(self):
        self.__validate()

    def __validate(self):
        # TODO (peter-hamilton) Finish implementation.
        pass
Beispiel #5
0
    def read(self, istream):
        super(RegisterResponsePayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.unique_identifier = attributes.UniqueIdentifier()
        self.unique_identifier.read(tstream)

        if self.is_tag_next(Tags.TEMPLATE_ATTRIBUTE, tstream):
            self.template_attribute = TemplateAttribute()
            self.template_attribute.read(tstream)

        self.is_oversized(tstream)
        self.validate()
Beispiel #6
0
class CreateResponsePayload(Struct):

    def __init__(self,
                 object_type=None,
                 unique_identifier=None,
                 template_attribute=None):
        super(CreateResponsePayload, self).__init__(
            tag=enums.Tags.RESPONSE_PAYLOAD)
        self.object_type = object_type
        self.unique_identifier = unique_identifier
        self.template_attribute = template_attribute
        self.validate()

    def read(self, istream):
        super(CreateResponsePayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.unique_identifier = attributes.UniqueIdentifier()

        self.object_type.read(tstream)
        self.unique_identifier.read(tstream)

        if self.is_tag_next(Tags.TEMPLATE_ATTRIBUTE, tstream):
            self.template_attribute = TemplateAttribute()
            self.template_attribute.read(tstream)

        self.is_oversized(tstream)
        self.validate()

    def write(self, ostream):
        tstream = BytearrayStream()

        # Write the contents of the request payload
        self.object_type.write(tstream)
        self.unique_identifier.write(tstream)

        if self.template_attribute is not None:
            self.template_attribute.write(tstream)

        # Write the length and value of the request payload
        self.length = tstream.length()
        super(CreateResponsePayload, self).write(ostream)
        ostream.write(tstream.buffer)

    def validate(self):
        # TODO (peter-hamilton) Finish implementation.
        pass
Beispiel #7
0
 def test_create(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     attributes = self._get_attrs()
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.create(obj_type, template_attribute)
     self.assertNotEqual(None, res, 'result is None')
     self.assertEqual(ResultStatus.SUCCESS, res.result_status.value,
                      'result status did not return success')
Beispiel #8
0
 def test_register(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     key = self._get_symmetric_key()
     attributes = []
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.register(obj_type, template_attribute, key)
     self.assertNotEqual(None, res, 'result is None')
     self.assertEqual(ResultStatus.SUCCESS, res.result_status.value,
                      'result status did not return success')
Beispiel #9
0
 def test_create_no_usage_mask(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     attributes = [self._get_attrs()[0]]
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.create(obj_type, template_attribute)
     self.assertNotEqual(None, res, 'result is None')
     self.assertEqual(
         ResultStatus.OPERATION_FAILED,
         res.result_status.value,
         'result status did not return failed')
Beispiel #10
0
    def read(self, istream):
        super(RegisterRequestPayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.template_attribute = TemplateAttribute()

        self.object_type.read(tstream)
        self.template_attribute.read(tstream)

        secret_type = self.object_type.value
        secret = self.secret_factory.create(secret_type)

        if self.is_tag_next(secret.tag, tstream):
            self.secret = secret
            self.secret.read(tstream)

        self.is_oversized(tstream)
        self.validate()
Beispiel #11
0
 def test_create_no_length(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     attributes = self._get_attrs()[0:2]
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.create(obj_type, template_attribute)
     self.assertNotEqual(None, res, 'result is None')
     attrs = res.template_attribute.attributes
     self.assertEqual(ResultStatus.SUCCESS, res.result_status.value,
                      'result status did not return success')
     self.assertTrue(self._check_attr_exists(attributes[2], attrs),
                     'length attribute not returned')
Beispiel #12
0
    def generate_symmetric_key(self, key_spec):
        """Generate a symmetric key.

        Creates KMIP attribute objects based on the given KeySpec to send to
        the server.

        :param key_spec: KeySpec with symmetric algorithm and bit_length
        :returns: dictionary holding key_id returned by server
        :raises: SecretGeneralException, SecretAlgorithmNotSupportedException
        """
        LOG.debug("Starting symmetric key generation with KMIP plugin")
        if not self.generate_supports(key_spec):
            raise ss.SecretAlgorithmNotSupportedException(key_spec.alg)

        if key_spec.alg.lower() not in ss.KeyAlgorithm.SYMMETRIC_ALGORITHMS:
            raise KMIPSecretStoreError(
                u._("An unsupported algorithm {algorithm} was passed to the "
                    "'generate_symmetric_key' method").format(
                        algorithm=key_spec.alg))

        object_type = enums.ObjectType.SYMMETRIC_KEY

        algorithm = self._create_cryptographic_algorithm_attribute(
            key_spec.alg)

        usage_mask = self._create_usage_mask_attribute(object_type)

        length = self._create_cryptographic_length_attribute(
            key_spec.bit_length)

        attribute_list = [algorithm, usage_mask, length]
        template_attribute = TemplateAttribute(attributes=attribute_list)

        try:
            self.client.open()
            LOG.debug("Opened connection to KMIP client for secret " +
                      "generation")
            result = self.client.create(object_type=object_type,
                                        template_attribute=template_attribute,
                                        credential=self.credential)
        except Exception as e:
            LOG.exception(u._LE("Error opening or writing to client"))
            raise ss.SecretGeneralException(str(e))
        else:
            if result.result_status.enum == enums.ResultStatus.SUCCESS:
                LOG.debug("SUCCESS: Symmetric key generated with "
                          "uuid: %s", result.uuid.value)
                return {KMIPSecretStore.KEY_UUID: result.uuid.value}
            else:
                self._raise_secret_general_exception(result)
        finally:
            self.client.close()
            LOG.debug("Closed connection to KMIP client for secret " +
                      "generation")
Beispiel #13
0
 def test_register_length_in_template_and_key_block(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     key = self._get_symmetric_key()
     attributes = [self._get_length_attr()]
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.register(obj_type, template_attribute, key)
     self.assertEqual(ResultStatus.OPERATION_FAILED,
                      res.result_status.value,
                      'result status did not return failed')
     self.assertEqual(ResultReason.INDEX_OUT_OF_BOUNDS,
                      res.result_reason.value,
                      'result reason did not match')
Beispiel #14
0
 def test_register_attrs_in_template(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     key = self._get_symmetric_key()
     key.key_block.cryptographic_algorithm = None
     key.key_block.cryptographic_length = None
     key.key_block.key_value.attributes = []
     attributes = self._get_attrs()
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.register(obj_type, template_attribute, key)
     self.assertNotEqual(None, res, 'result is None')
     self.assertEqual(ResultStatus.SUCCESS, res.result_status.value,
                      'result status did not return success')
Beispiel #15
0
 def test_register_no_object_type(self):
     obj_type = None
     key = self._get_symmetric_key()
     attributes = []
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.register(obj_type, template_attribute, key)
     self.assertNotEqual(None, res, 'result is None')
     self.assertEqual(ResultStatus.OPERATION_FAILED,
                      res.result_status.value,
                      'result status did not return failed')
     self.assertEqual(ResultReason.ITEM_NOT_FOUND,
                      res.result_reason.value,
                      'result reason did not match')
Beispiel #16
0
 def test_register_no_usage_mask(self):
     obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
     key = self._get_symmetric_key()
     key.key_block.key_value.attributes = []
     attributes = []
     template_attribute = TemplateAttribute(attributes=attributes)
     res = self.kmip.register(obj_type, template_attribute, key)
     self.assertEqual(ResultStatus.OPERATION_FAILED,
                      res.result_status.value,
                      'result status did not return failed')
     self.assertEqual(ResultReason.ITEM_NOT_FOUND,
                      res.result_reason.value,
                      'result reason did not match')
Beispiel #17
0
class CreateRequestPayload(Struct):

    def __init__(self,
                 object_type=None,
                 template_attribute=None):
        super(CreateRequestPayload, self).__init__(
            tag=enums.Tags.REQUEST_PAYLOAD)
        self.object_type = object_type
        self.template_attribute = template_attribute
        self.validate()

    def read(self, istream):
        super(CreateRequestPayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.template_attribute = TemplateAttribute()

        self.object_type.read(tstream)
        self.template_attribute.read(tstream)

        self.is_oversized(tstream)
        self.validate()

    def write(self, ostream):
        tstream = BytearrayStream()

        # Write the object type and template attribute of the request payload
        self.object_type.write(tstream)
        self.template_attribute.write(tstream)

        # Write the length and value of the request payload
        self.length = tstream.length()
        super(CreateRequestPayload, self).write(ostream)
        ostream.write(tstream.buffer)

    def validate(self):
        # TODO (peter-hamilton) Finish implementation.
        pass
Beispiel #18
0
    def read(self, istream):
        super(self.__class__, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.unique_identifier = attributes.UniqueIdentifier()
        self.unique_identifier.read(tstream)

        if self.is_tag_next(Tags.TEMPLATE_ATTRIBUTE, tstream):
            self.template_attribute = TemplateAttribute()
            self.template_attribute.read(tstream)

        self.is_oversized(tstream)
        self.validate()
Beispiel #19
0
    def test_derive_key(self, send_mock, build_mock):
        """
        Test that the client can derive a key.
        """
        payload = payloads.DeriveKeyResponsePayload(
            unique_identifier='1',
        )
        batch_item = ResponseBatchItem(
            operation=Operation(OperationEnum.DERIVE_KEY),
            result_status=ResultStatus(ResultStatusEnum.SUCCESS),
            response_payload=payload
        )
        response = ResponseMessage(batch_items=[batch_item])

        build_mock.return_value = None
        send_mock.return_value = response

        result = self.client.derive_key(
            object_type=enums.ObjectType.SYMMETRIC_KEY,
            unique_identifiers=['2', '3'],
            derivation_method=enums.DerivationMethod.ENCRYPT,
            derivation_parameters=DerivationParameters(
                cryptographic_parameters=CryptographicParameters(
                    block_cipher_mode=enums.BlockCipherMode.CBC,
                    padding_method=enums.PaddingMethod.PKCS1v15,
                    cryptographic_algorithm=enums.CryptographicAlgorithm.AES
                ),
                initialization_vector=b'\x01\x02\x03\x04',
                derivation_data=b'\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8'
            ),
            template_attribute=TemplateAttribute(
                attributes=[
                    self.attr_factory.create_attribute(
                        'Cryptographic Length',
                        128
                    ),
                    self.attr_factory.create_attribute(
                        'Cryptographic Algorithm',
                        enums.CryptographicAlgorithm.AES
                    )
                ]
            ),
        )

        self.assertEqual('1', result.get('unique_identifier'))
        self.assertEqual(
            ResultStatusEnum.SUCCESS,
            result.get('result_status')
        )
        self.assertEqual(None, result.get('result_reason'))
        self.assertEqual(None, result.get('result_message'))
Beispiel #20
0
 def test_register_invalid_length(self):
     unsupported_lens = (-1, 0, 2048, 5, 18)
     for len in unsupported_lens:
         obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
         key = self._get_symmetric_key()
         key.key_block.cryptographic_length = CryptographicLength(len)
         attributes = []
         template_attribute = TemplateAttribute(attributes=attributes)
         res = self.kmip.register(obj_type, template_attribute, key)
         self.assertEqual(ResultStatus.OPERATION_FAILED,
                          res.result_status.value,
                          'result status did not return failed')
         self.assertEqual(ResultReason.INVALID_FIELD,
                          res.result_reason.value,
                          'result reason did not match')
Beispiel #21
0
    def read(self, istream):
        super(CreateResponsePayload, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.unique_identifier = attributes.UniqueIdentifier()

        self.object_type.read(tstream)
        self.unique_identifier.read(tstream)

        if self.is_tag_next(Tags.TEMPLATE_ATTRIBUTE, tstream):
            self.template_attribute = TemplateAttribute()
            self.template_attribute.read(tstream)

        self.is_oversized(tstream)
        self.validate()
Beispiel #22
0
    def store_secret(self, secret_dto):
        """Stores a secret

        To store a secret in KMIP, the attributes must be known.

        :param secret_dto: SecretDTO of the secret to be stored
        :returns: Dictionary holding the key_uuid assigned by KMIP
        :raises: SecretGeneralException, SecretAlgorithmNotSupportedException
        """
        LOG.debug("Starting secret storage with KMIP plugin")
        if not self.store_secret_supports(secret_dto.key_spec):
            raise ss.SecretAlgorithmNotSupportedException(
                secret_dto.key_spec.alg)

        secret_type = secret_dto.type
        object_type, key_format_type = (self._map_type_ss_to_kmip(secret_type))
        if object_type is None:
            raise KMIPSecretStoreError(
                u._('Secret object type {object_type} is '
                    'not supported').format(object_type=object_type))

        usage_mask = self._create_usage_mask_attribute(object_type)
        attribute_list = [usage_mask]
        template_attribute = TemplateAttribute(attributes=attribute_list)
        secret = self._get_kmip_secret(secret_dto)

        try:
            self.client.open()
            LOG.debug("Opened connection to KMIP client for secret storage")
            result = self.client.register(
                object_type=object_type,
                template_attribute=template_attribute,
                secret=secret,
                credential=self.credential)
        except Exception as e:
            LOG.exception(u._LE("Error opening or writing to client"))
            raise ss.SecretGeneralException(str(e))
        else:
            if result.result_status.enum == enums.ResultStatus.SUCCESS:
                LOG.debug("SUCCESS: Key stored with uuid: %s",
                          result.uuid.value)
                return {KMIPSecretStore.KEY_UUID: result.uuid.value}
            else:
                self._raise_secret_general_exception(result)
        finally:
            self.client.close()
            LOG.debug("Closed connection to KMIP client for secret storage")
Beispiel #23
0
    def register(self, object_type, template_attribute, secret,
                 credential=None):
        self.logger.debug('register() called')
        self.logger.debug('object type = %s' % object_type)
        attributes = template_attribute.attributes
        ret_attributes = []
        if object_type is None:
            self.logger.debug('invalid object type')
            return self._get_missing_field_result('object type')
        if object_type.value != OT.SYMMETRIC_KEY:
            self.logger.debug('invalid object type')
            return self._get_invalid_field_result('invalid object type')
        if secret is None or not isinstance(secret, SymmetricKey):
            msg = 'object type does not match that of secret'
            self.logger.debug(msg)
            return self._get_invalid_field_result(msg)

        self.logger.debug('Collecting all attributes')
        if attributes is None:
            attributes = []
        attributes.extend(self._get_key_block_attributes(secret.key_block))

        self.logger.debug('Verifying all attributes are valid and set')
        try:
            self._validate_req_field(
                attributes, AT.CRYPTOGRAPHIC_ALGORITHM.value, (CA.AES,),
                'unsupported algorithm')
            self._validate_req_field(
                attributes, AT.CRYPTOGRAPHIC_LENGTH.value, (128, 256, 512),
                'unsupported key length')
            self._validate_req_field(
                attributes, AT.CRYPTOGRAPHIC_USAGE_MASK.value, (), '')
        except InvalidFieldException as e:
            self.logger.debug('InvalidFieldException raised')
            return RegisterResult(e.result.result_status,
                                  e.result.result_reason,
                                  e.result.result_message)

        s_uuid, uuid_attribute = self._save(secret, attributes)
        ret_attributes.append(uuid_attribute)
        template_attribute = TemplateAttribute(attributes=ret_attributes)
        return RegisterResult(ResultStatus(RS.SUCCESS),
                              uuid=UniqueIdentifier(s_uuid),
                              template_attribute=template_attribute)
Beispiel #24
0
    def read(self, istream):
        super(self.__class__, self).read(istream)
        tstream = BytearrayStream(istream.read(self.length))

        self.object_type = attributes.ObjectType()
        self.template_attribute = TemplateAttribute()

        self.object_type.read(tstream)
        self.template_attribute.read(tstream)

        secret_type = self.object_type.enum
        secret = self.secret_factory.create(secret_type)

        if self.is_tag_next(secret.tag, tstream):
            self.secret = secret
            self.secret.read(tstream)

        self.is_oversized(tstream)
        self.validate()
Beispiel #25
0
    def create(self, object_type, template_attribute, credential=None):
        self.logger.debug('create() called')
        self.logger.debug('object type = %s' % object_type)
        bit_length = 256
        attributes = template_attribute.attributes
        ret_attributes = []
        if object_type.value != OT.SYMMETRIC_KEY:
            self.logger.debug('invalid object type')
            return self._get_invalid_field_result('invalid object type')
        try:
            alg_attr = self._validate_req_field(
                attributes, AT.CRYPTOGRAPHIC_ALGORITHM.value,
                (CA.AES,), 'unsupported algorithm')
            len_attr = self._validate_req_field(
                attributes, AT.CRYPTOGRAPHIC_LENGTH.value,
                (128, 256, 512), 'unsupported key length', False)
            self._validate_req_field(
                attributes, AT.CRYPTOGRAPHIC_USAGE_MASK.value, (), '')
        except InvalidFieldException as e:
            self.logger.debug('InvalidFieldException raised')
            return e.result

        crypto_alg = CryptographicAlgorithm(CA(alg_attr.attribute_value.value))

        if len_attr is None:
            self.logger.debug('cryptographic length not supplied')
            attribute_type = AT.CRYPTOGRAPHIC_LENGTH
            length_attribute = self.attribute_factory.\
                create_attribute(attribute_type, bit_length)
            attributes.append(length_attribute)
            ret_attributes.append(length_attribute)
        else:
            bit_length = len_attr.attribute_value.value

        key = self._gen_symmetric_key(bit_length, crypto_alg)
        s_uuid, uuid_attribute = self._save(key, attributes)
        ret_attributes.append(uuid_attribute)
        template_attribute = TemplateAttribute(attributes=ret_attributes)
        return CreateResult(ResultStatus(RS.SUCCESS), object_type=object_type,
                            uuid=UniqueIdentifier(s_uuid),
                            template_attribute=template_attribute)
Beispiel #26
0
 def test_register_object_type_mismatch(self):
     unsupported_types = (ObjectTypeEnum.CERTIFICATE,
                          ObjectTypeEnum.PUBLIC_KEY,
                          ObjectTypeEnum.PRIVATE_KEY,
                          ObjectTypeEnum.SPLIT_KEY,
                          ObjectTypeEnum.TEMPLATE,
                          ObjectTypeEnum.SECRET_DATA,
                          ObjectTypeEnum.OPAQUE_DATA)
     for unsupported_type in unsupported_types:
         obj_type = ObjectType(unsupported_type)
         key = self._get_symmetric_key()
         attributes = []
         template_attribute = TemplateAttribute(attributes=attributes)
         res = self.kmip.register(obj_type, template_attribute, key)
         self.assertNotEqual(None, res, 'result is None')
         self.assertEqual(ResultStatus.OPERATION_FAILED,
                          res.result_status.value,
                          'result status did not return failed')
         self.assertEqual(ResultReason.INVALID_FIELD,
                          res.result_reason.value,
                          'result reason did not match')
Beispiel #27
0
    def _create_symmetric_key(self):
        credential_type = CredentialType.USERNAME_AND_PASSWORD
        credential_value = {'Username': '******', 'Password': '******'}
        credential = self.cred_factory.create_credential(
            credential_type, credential_value)

        object_type = ObjectType.SYMMETRIC_KEY
        attribute_type = AttributeType.CRYPTOGRAPHIC_ALGORITHM
        algorithm = self.attr_factory.create_attribute(attribute_type,
                                                       CryptoAlgorithmEnum.AES)

        mask_flags = [
            CryptographicUsageMask.ENCRYPT, CryptographicUsageMask.DECRYPT
        ]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(
            attribute_type, mask_flags)
        attributes = [algorithm, usage_mask]
        template_attribute = TemplateAttribute(attributes=attributes)

        return self.client.create(object_type, template_attribute, credential)
Beispiel #28
0
    def _create_symmetric_key(self, key_name=None):
        """
        Helper function for creating symmetric keys. Used any time a key
        needs to be created.
        :param key_name: name of the key to be created
        :return: returns the result of the "create key" operation as
        provided by the KMIP appliance
        """
        object_type = ObjectType.SYMMETRIC_KEY
        attribute_type = AttributeType.CRYPTOGRAPHIC_ALGORITHM
        algorithm = self.attr_factory.create_attribute(attribute_type,
                                                       CryptoAlgorithmEnum.AES)
        mask_flags = [
            CryptographicUsageMask.ENCRYPT, CryptographicUsageMask.DECRYPT
        ]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(
            attribute_type, mask_flags)
        key_length = 128
        attribute_type = AttributeType.CRYPTOGRAPHIC_LENGTH
        key_length_obj = self.attr_factory.create_attribute(
            attribute_type, key_length)
        name = Attribute.AttributeName('Name')

        if key_name is None:
            key_name = 'Integration Test - Key'

        name_value = Name.NameValue(key_name)

        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        value = Name(name_value=name_value, name_type=name_type)
        name = Attribute(attribute_name=name, attribute_value=value)
        attributes = [algorithm, usage_mask, key_length_obj, name]
        template_attribute = TemplateAttribute(attributes=attributes)

        return self.client.create(object_type,
                                  template_attribute,
                                  credential=None)
Beispiel #29
0
 def test_register_invalid_alg(self):
     unsupported_algs = (CryptoAlgorithmEnum.RSA,
                         CryptoAlgorithmEnum.DSA,
                         CryptoAlgorithmEnum.ECDSA,
                         CryptoAlgorithmEnum.HMAC_SHA1,
                         CryptoAlgorithmEnum.HMAC_SHA224,
                         CryptoAlgorithmEnum.HMAC_SHA256,
                         CryptoAlgorithmEnum.HMAC_SHA384,
                         CryptoAlgorithmEnum.HMAC_SHA512,
                         CryptoAlgorithmEnum.HMAC_MD5,
                         CryptoAlgorithmEnum.DH,
                         CryptoAlgorithmEnum.ECDH,
                         CryptoAlgorithmEnum.ECMQV,
                         CryptoAlgorithmEnum.BLOWFISH,
                         CryptoAlgorithmEnum.CAMELLIA,
                         CryptoAlgorithmEnum.CAST5,
                         CryptoAlgorithmEnum.IDEA,
                         CryptoAlgorithmEnum.MARS,
                         CryptoAlgorithmEnum.RC2,
                         CryptoAlgorithmEnum.RC4,
                         CryptoAlgorithmEnum.RC5,
                         CryptoAlgorithmEnum.SKIPJACK,
                         CryptoAlgorithmEnum.TWOFISH)
     for alg in unsupported_algs:
         obj_type = ObjectType(ObjectTypeEnum.SYMMETRIC_KEY)
         key = self._get_symmetric_key()
         key.key_block.cryptographic_algorithm = CryptographicAlgorithm(alg)
         attributes = []
         template_attribute = TemplateAttribute(attributes=attributes)
         res = self.kmip.register(obj_type, template_attribute, key)
         self.assertEqual(ResultStatus.OPERATION_FAILED,
                          res.result_status.value,
                          'result status did not return failed')
         self.assertEqual(ResultReason.INVALID_FIELD,
                          res.result_reason.value,
                          'result reason did not match')
Beispiel #30
0
    def proccess_template_attributes(self, attributes):
        template_attributes = []
        attribute_factory = AttributeFactory()
        for attribute in attributes:
            attribute_type = AttributeType(attribute['AttributeName']['value'])
            attribute_value = None

            if attribute_type == AttributeType.X_ID:
                name = Attribute.AttributeName('Name')
                attribute_value = Name.NameValue(
                    attribute['AttributeValue']['value'])
                attribute_type = Name.NameType(
                    NameType.UNINTERPRETED_TEXT_STRING)
                value = Name(name_value=attribute_value,
                             name_type=attribute_type)
                name = Attribute(attribute_name=name, attribute_value=value)
                template_attributes.append(name)
                continue
            if attribute_type == AttributeType.CRYPTOGRAPHIC_ALGORITHM:
                attribute_value = getattr(CryptographicAlgorithm,
                                          attribute['AttributeValue']['value'],
                                          None)
            if attribute_type == AttributeType.CRYPTOGRAPHIC_LENGTH:
                attribute_value = attribute['AttributeValue']['value']
            if attribute_type == AttributeType.CRYPTOGRAPHIC_USAGE_MASK:
                usage_mask = attribute['AttributeValue']['value'].split(' ')
                for idx, val in enumerate(usage_mask):
                    usage_mask[idx] = getattr(CryptographicUsageMask,
                                              val.upper(), None)
                attribute_value = usage_mask

            attribute_obj = attribute_factory.create_attribute(
                attribute_type, attribute_value)
            template_attributes.append(attribute_obj)
        template_attributes = TemplateAttribute(attributes=template_attributes)
        return template_attributes
Beispiel #31
0
    def test_passphrase_register_get_destroy(self):
        """
        Tests that passphrases can be properly registered, retrieved,
        and destroyed
        """

        # properties copied from test case example :
        # http://docs.oasis-open.org/kmip/testcases/v1.1/cn01/kmip-testcases-v1.1-cn01.html#_Toc333488777

        pass_obj_type = ObjectType.SECRET_DATA

        mask_flags = [CryptographicUsageMask.VERIFY]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(
            attribute_type, mask_flags)

        name = Attribute.AttributeName('Name')
        pass_name = 'Integration Test - Register-Get-Destroy Passphrase'

        pass_name_value = Name.NameValue(pass_name)

        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        pass_value = Name(name_value=pass_name_value, name_type=name_type)

        pass_name_attr = Attribute(attribute_name=name,
                                   attribute_value=pass_value)

        pass_attributes = [usage_mask, pass_name_attr]

        pass_template_attribute = TemplateAttribute(attributes=pass_attributes)

        pass_format_type = SecretData.SecretDataType(SecretDataType.PASSWORD)

        key_format_type = KeyFormatType(KeyFormatTypeEnum.OPAQUE)
        key_data = b'\x70\x65\x65\x6b\x2d\x61\x2d\x62\x6f\x6f\x21\x21'

        key_material = KeyMaterial(key_data)
        key_value = KeyValue(key_material)

        key_block = KeyBlock(key_format_type=key_format_type,
                             key_compression_type=None,
                             key_value=key_value,
                             key_wrapping_data=None)

        pass_obj = SecretData(secret_data_type=pass_format_type,
                              key_block=key_block)

        pass_result = self.client.register(pass_obj_type,
                                           pass_template_attribute,
                                           pass_obj,
                                           credential=None)

        self._check_result_status(pass_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(pass_result.uuid.value, str)

        # Check that the returned key bytes match what was provided
        pass_uuid = pass_result.uuid.value

        pass_result = self.client.get(uuid=pass_uuid, credential=None)

        self._check_result_status(pass_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_object_type(pass_result.object_type.value, ObjectType,
                                ObjectType.SECRET_DATA)

        self._check_uuid(pass_result.uuid.value, str)

        # Check the secret type
        pass_secret = pass_result.secret

        pass_secret_expected = SecretData

        self.assertIsInstance(pass_secret, pass_secret_expected)

        pass_material = pass_result.secret.key_block.key_value.key_material\
            .value

        expected = key_data

        self.assertEqual(expected, pass_material)

        self.logger.debug('Destroying cert: ' + pass_name +
                          '\nWith " "UUID: ' + pass_result.uuid.value)

        pass_result = self.client.destroy(pass_result.uuid.value)

        self._check_result_status(pass_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(pass_result.uuid.value, str)

        # Verify the secret was destroyed
        pass_result_destroyed_result = self.client.get(uuid=pass_uuid,
                                                       credential=None)

        self._check_result_status(pass_result_destroyed_result, ResultStatus,
                                  ResultStatus.OPERATION_FAILED)

        expected = ResultReason
        pass_observed = type(pass_result_destroyed_result.result_reason.value)

        self.assertEqual(expected, pass_observed)
Beispiel #32
0
    def test_private_key_register_get_destroy(self):
        """
        Tests that private keys are properly registered, retrieved,
        and destroyed.
        """
        priv_key_object_type = ObjectType.PRIVATE_KEY

        mask_flags = [
            CryptographicUsageMask.ENCRYPT, CryptographicUsageMask.DECRYPT
        ]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(
            attribute_type, mask_flags)

        name = Attribute.AttributeName('Name')
        key_name = 'Integration Test - Register-Get-Destroy Key -'

        priv_name_value = Name.NameValue(key_name + " Private")

        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        priv_value = Name(name_value=priv_name_value, name_type=name_type)

        priv_name = Attribute(attribute_name=name, attribute_value=priv_value)

        priv_key_attributes = [usage_mask, priv_name]

        private_template_attribute = TemplateAttribute(
            attributes=priv_key_attributes)

        key_format_type = KeyFormatType(KeyFormatTypeEnum.RAW)

        key_data = (
            b'\x30\x82\x02\x76\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7'
            b'\x0D\x01\x01\x01\x05\x00\x04\x82\x02\x60\x30\x82\x02\x5C\x02\x01'
            b'\x00\x02\x81\x81\x00\x93\x04\x51\xC9\xEC\xD9\x4F\x5B\xB9\xDA\x17'
            b'\xDD\x09\x38\x1B\xD2\x3B\xE4\x3E\xCA\x8C\x75\x39\xF3\x01\xFC\x8A'
            b'\x8C\xD5\xD5\x27\x4C\x3E\x76\x99\xDB\xDC\x71\x1C\x97\xA7\xAA\x91'
            b'\xE2\xC5\x0A\x82\xBD\x0B\x10\x34\xF0\xDF\x49\x3D\xEC\x16\x36\x24'
            b'\x27\xE5\x8A\xCC\xE7\xF6\xCE\x0F\x9B\xCC\x61\x7B\xBD\x8C\x90\xD0'
            b'\x09\x4A\x27\x03\xBA\x0D\x09\xEB\x19\xD1\x00\x5F\x2F\xB2\x65\x52'
            b'\x6A\xAC\x75\xAF\x32\xF8\xBC\x78\x2C\xDE\xD2\xA5\x7F\x81\x1E\x03'
            b'\xEA\xF6\x7A\x94\x4D\xE5\xE7\x84\x13\xDC\xA8\xF2\x32\xD0\x74\xE6'
            b'\xDC\xEA\x4C\xEC\x9F\x02\x03\x01\x00\x01\x02\x81\x80\x0B\x6A\x7D'
            b'\x73\x61\x99\xEA\x48\xA4\x20\xE4\x53\x7C\xA0\xC7\xC0\x46\x78\x4D'
            b'\xCB\xEA\xA6\x3B\xAE\xBC\x0B\xC1\x32\x78\x74\x49\xCD\xE8\xD7\xCA'
            b'\xD0\xC0\xC8\x63\xC0\xFE\xFB\x06\xC3\x06\x2B\xEF\xC5\x00\x33\xEC'
            b'\xF8\x7B\x4E\x33\xA9\xBE\x7B\xCB\xC8\xF1\x51\x1A\xE2\x15\xE8\x0D'
            b'\xEB\x5D\x8A\xF2\xBD\x31\x31\x9D\x78\x21\x19\x66\x40\x93\x5A\x0C'
            b'\xD6\x7C\x94\x59\x95\x79\xF2\x10\x0D\x65\xE0\x38\x83\x1F\xDA\xFB'
            b'\x0D\xBE\x2B\xBD\xAC\x00\xA6\x96\xE6\x7E\x75\x63\x50\xE1\xC9\x9A'
            b'\xCE\x11\xA3\x6D\xAB\xAC\x3E\xD3\xE7\x30\x96\x00\x59\x02\x41\x00'
            b'\xDD\xF6\x72\xFB\xCC\x5B\xDA\x3D\x73\xAF\xFC\x4E\x79\x1E\x0C\x03'
            b'\x39\x02\x24\x40\x5D\x69\xCC\xAA\xBC\x74\x9F\xAA\x0D\xCD\x4C\x25'
            b'\x83\xC7\x1D\xDE\x89\x41\xA7\xB9\xAA\x03\x0F\x52\xEF\x14\x51\x46'
            b'\x6C\x07\x4D\x4D\x33\x8F\xE6\x77\x89\x2A\xCD\x9E\x10\xFD\x35\xBD'
            b'\x02\x41\x00\xA9\x8F\xBC\x3E\xD6\xB4\xC6\xF8\x60\xF9\x71\x65\xAC'
            b'\x2F\x7B\xB6\xF2\xE2\xCB\x19\x2A\x9A\xBD\x49\x79\x5B\xE5\xBC\xF3'
            b'\x7D\x8E\xE6\x9A\x6E\x16\x9C\x24\xE5\xC3\x2E\x4E\x7F\xA3\x32\x65'
            b'\x46\x14\x07\xF9\x52\xBA\x49\xE2\x04\x81\x8A\x2F\x78\x5F\x11\x3F'
            b'\x92\x2B\x8B\x02\x40\x25\x3F\x94\x70\x39\x0D\x39\x04\x93\x03\x77'
            b'\x7D\xDB\xC9\x75\x0E\x9D\x64\x84\x9C\xE0\x90\x3E\xAE\x70\x4D\xC9'
            b'\xF5\x89\xB7\x68\x0D\xEB\x9D\x60\x9F\xD5\xBC\xD4\xDE\xCD\x6F\x12'
            b'\x05\x42\xE5\xCF\xF5\xD7\x6F\x2A\x43\xC8\x61\x5F\xB5\xB3\xA9\x21'
            b'\x34\x63\x79\x7A\xA9\x02\x41\x00\xA1\xDD\xF0\x23\xC0\xCD\x94\xC0'
            b'\x19\xBB\x26\xD0\x9B\x9E\x3C\xA8\xFA\x97\x1C\xB1\x6A\xA5\x8B\x9B'
            b'\xAF\x79\xD6\x08\x1A\x1D\xBB\xA4\x52\xBA\x53\x65\x3E\x28\x04\xBA'
            b'\x98\xFF\x69\xE8\xBB\x1B\x3A\x16\x1E\xA2\x25\xEA\x50\x14\x63\x21'
            b'\x6A\x8D\xAB\x9B\x88\xA7\x5E\x5F\x02\x40\x61\x78\x64\x6E\x11\x2C'
            b'\xF7\x9D\x92\x1A\x8A\x84\x3F\x17\xF6\xE7\xFF\x97\x4F\x68\x81\x22'
            b'\x36\x5B\xF6\x69\x0C\xDF\xC9\x96\xE1\x89\x09\x52\xEB\x38\x20\xDD'
            b'\x18\x90\xEC\x1C\x86\x19\xE8\x7A\x2B\xD3\x8F\x9D\x03\xB3\x7F\xAC'
            b'\x74\x2E\xFB\x74\x8C\x78\x85\x94\x2C\x39')

        key_material = KeyMaterial(key_data)
        key_value = KeyValue(key_material)

        algorithm_value = CryptoAlgorithmEnum.RSA
        cryptographic_algorithm = CryptographicAlgorithm(algorithm_value)
        cryptographic_length = CryptographicLength(2048)

        key_block = KeyBlock(key_format_type=key_format_type,
                             key_compression_type=None,
                             key_value=key_value,
                             cryptographic_algorithm=cryptographic_algorithm,
                             cryptographic_length=cryptographic_length,
                             key_wrapping_data=None)

        priv_secret = PrivateKey(key_block)

        priv_key_result = self.client.register(priv_key_object_type,
                                               private_template_attribute,
                                               priv_secret,
                                               credential=None)

        self._check_result_status(priv_key_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(priv_key_result.uuid.value, str)

        # Check that the returned key bytes match what was provided
        priv_uuid = priv_key_result.uuid.value

        priv_key_result = self.client.get(uuid=priv_uuid, credential=None)

        self._check_result_status(priv_key_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_object_type(priv_key_result.object_type.value, ObjectType,
                                ObjectType.PRIVATE_KEY)

        self._check_uuid(priv_key_result.uuid.value, str)

        # Check the secret type
        priv_secret = priv_key_result.secret

        priv_expected = PrivateKey

        self.assertIsInstance(priv_secret, priv_expected)

        priv_key_block = priv_key_result.secret.key_block
        priv_key_value = priv_key_block.key_value
        priv_key_material = priv_key_value.key_material

        expected = key_data

        priv_observed = priv_key_material.value

        self.assertEqual(expected, priv_observed)

        self.logger.debug('Destroying key: ' + key_name + " Private" +
                          '\nWith " "UUID: ' + priv_key_result.uuid.value)

        priv_result = self.client.destroy(priv_key_result.uuid.value)

        self._check_result_status(priv_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(priv_result.uuid.value, str)

        # Verify the secret was destroyed
        priv_key_destroyed_result = self.client.get(uuid=priv_uuid,
                                                    credential=None)

        self._check_result_status(priv_key_destroyed_result, ResultStatus,
                                  ResultStatus.OPERATION_FAILED)

        expected = ResultReason
        priv_observed = type(priv_key_destroyed_result.result_reason.value)

        self.assertEqual(expected, priv_observed)
Beispiel #33
0
    def test_cert_register_get_destroy(self):
        """
        Tests that certificates are properly registered, retrieved,
        and destroyed.
        """

        # properties copied from test case example :
        # http://docs.oasis-open.org/kmip/testcases/v1.1/cn01/kmip-testcases-v1.1-cn01.html#_Toc333488807

        cert_obj_type = ObjectType.CERTIFICATE

        mask_flags = [
            CryptographicUsageMask.SIGN, CryptographicUsageMask.VERIFY
        ]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(
            attribute_type, mask_flags)

        name = Attribute.AttributeName('Name')
        cert_name = 'Integration Test - Register-Get-Destroy Certificate'

        cert_name_value = Name.NameValue(cert_name)

        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        cert_value = Name(name_value=cert_name_value, name_type=name_type)

        cert_name_attr = Attribute(attribute_name=name,
                                   attribute_value=cert_value)

        cert_attributes = [usage_mask, cert_name_attr]

        cert_template_attribute = TemplateAttribute(attributes=cert_attributes)

        cert_format_type = CertificateTypeEnum.X_509

        cert_data = (
            b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01\x01'
            b'\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30'
            b'\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D'
            b'\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30'
            b'\x0C\x06\x03\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30'
            b'\x0B\x06\x03\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x1E\x17\x0D'
            b'\x31\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x17\x0D\x32'
            b'\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x3B\x31\x0B'
            b'\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06'
            b'\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30\x0C\x06\x03'
            b'\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30\x0B\x06\x03'
            b'\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x82\x01\x22\x30\x0D\x06'
            b'\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F'
            b'\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x7F\x16\x1C\x00\x42'
            b'\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35\x35\x77\x76\x00'
            b'\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6\x4A\x87\x55\xF8\x00'
            b'\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60\x86\xD7\x46\x48\x34\x6D'
            b'\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C\x0F\x65\x83\xBC\x4D\x7D\xC7'
            b'\xEC\x11\x4F\x3B\x17\x6B\x79\x57\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F'
            b'\xA2\xA6\xF8\x9B\x9B\xEE\x9E\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4'
            b'\xBB\x0B\x14\x34\xF4\xE7\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF'
            b'\x8B\x65\x08\x9F\x98\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D'
            b'\x57\x21\xAA\xC9\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC'
            b'\xC8\x29\x53\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7'
            b'\xF4\xE8\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D'
            b'\x0C\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE'
            b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7\xCC'
            b'\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8\x2D\x73'
            b'\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA\x29\xC6\xFC'
            b'\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03\x01\x00\x01\xA3'
            b'\x21\x30\x1F\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x04\xE5'
            b'\x7B\xD2\xC4\x31\xB2\xE8\x16\xE1\x80\xA1\x98\x23\xFA\xC8\x58\x27'
            b'\x3F\x6B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05'
            b'\x00\x03\x82\x01\x01\x00\xA8\x76\xAD\xBC\x6C\x8E\x0F\xF0\x17\x21'
            b'\x6E\x19\x5F\xEA\x76\xBF\xF6\x1A\x56\x7C\x9A\x13\xDC\x50\xD1\x3F'
            b'\xEC\x12\xA4\x27\x3C\x44\x15\x47\xCF\xAB\xCB\x5D\x61\xD9\x91\xE9'
            b'\x66\x31\x9D\xF7\x2C\x0D\x41\xBA\x82\x6A\x45\x11\x2F\xF2\x60\x89'
            b'\xA2\x34\x4F\x4D\x71\xCF\x7C\x92\x1B\x4B\xDF\xAE\xF1\x60\x0D\x1B'
            b'\xAA\xA1\x53\x36\x05\x7E\x01\x4B\x8B\x49\x6D\x4F\xAE\x9E\x8A\x6C'
            b'\x1D\xA9\xAE\xB6\xCB\xC9\x60\xCB\xF2\xFA\xE7\x7F\x58\x7E\xC4\xBB'
            b'\x28\x20\x45\x33\x88\x45\xB8\x8D\xD9\xAE\xEA\x53\xE4\x82\xA3\x6E'
            b'\x73\x4E\x4F\x5F\x03\xB9\xD0\xDF\xC4\xCA\xFC\x6B\xB3\x4E\xA9\x05'
            b'\x3E\x52\xBD\x60\x9E\xE0\x1E\x86\xD9\xB0\x9F\xB5\x11\x20\xC1\x98'
            b'\x34\xA9\x97\xB0\x9C\xE0\x8D\x79\xE8\x13\x11\x76\x2F\x97\x4B\xB1'
            b'\xC8\xC0\x91\x86\xC4\xD7\x89\x33\xE0\xDB\x38\xE9\x05\x08\x48\x77'
            b'\xE1\x47\xC7\x8A\xF5\x2F\xAE\x07\x19\x2F\xF1\x66\xD1\x9F\xA9\x4A'
            b'\x11\xCC\x11\xB2\x7E\xD0\x50\xF7\xA2\x7F\xAE\x13\xB2\x05\xA5\x74'
            b'\xC4\xEE\x00\xAA\x8B\xD6\x5D\x0D\x70\x57\xC9\x85\xC8\x39\xEF\x33'
            b'\x6A\x44\x1E\xD5\x3A\x53\xC6\xB6\xB6\x96\xF1\xBD\xEB\x5F\x7E\xA8'
            b'\x11\xEB\xB2\x5A\x7F\x86')

        cert_obj = Certificate(cert_format_type, cert_data)

        cert_result = self.client.register(cert_obj_type,
                                           cert_template_attribute,
                                           cert_obj,
                                           credential=None)

        self._check_result_status(cert_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(cert_result.uuid.value, str)

        # Check that the returned key bytes match what was provided
        cert_uuid = cert_result.uuid.value

        cert_result = self.client.get(uuid=cert_uuid, credential=None)

        self._check_result_status(cert_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_object_type(cert_result.object_type.value, ObjectType,
                                ObjectType.CERTIFICATE)

        self._check_uuid(cert_result.uuid.value, str)

        # Check the secret type
        cert_secret = cert_result.secret

        cert_secret_expected = Certificate

        self.assertIsInstance(cert_secret, cert_secret_expected)

        cert_material = cert_result.secret.certificate_value.value

        expected = cert_data

        self.assertEqual(expected, cert_material)

        self.logger.debug('Destroying cert: ' + cert_name +
                          '\nWith " "UUID: ' + cert_result.uuid.value)

        cert_result = self.client.destroy(cert_result.uuid.value)

        self._check_result_status(cert_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(cert_result.uuid.value, str)

        # Verify the secret was destroyed
        cert_result_destroyed_result = self.client.get(uuid=cert_uuid,
                                                       credential=None)

        self._check_result_status(cert_result_destroyed_result, ResultStatus,
                                  ResultStatus.OPERATION_FAILED)

        expected = ResultReason
        cert_observed = type(cert_result_destroyed_result.result_reason.value)

        self.assertEqual(expected, cert_observed)
Beispiel #34
0
    def test_public_key_register_get_destroy(self):
        """
        Tests that public keys are properly registered, retrieved,
        and destroyed.
        """
        pub_key_object_type = ObjectType.PUBLIC_KEY
        mask_flags = [
            CryptographicUsageMask.ENCRYPT, CryptographicUsageMask.DECRYPT
        ]
        attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
        usage_mask = self.attr_factory.create_attribute(
            attribute_type, mask_flags)

        name = Attribute.AttributeName('Name')
        key_name = 'Integration Test - Register-Get-Destroy Key -'

        pub_name_value = Name.NameValue(key_name + " Public")
        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        pub_value = Name(name_value=pub_name_value, name_type=name_type)
        pub_name = Attribute(attribute_name=name, attribute_value=pub_value)
        pub_key_attributes = [usage_mask, pub_name]
        public_template_attribute = TemplateAttribute(
            attributes=pub_key_attributes)
        key_format_type = KeyFormatType(KeyFormatTypeEnum.RAW)
        key_data = (
            b'\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01'
            b'\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\x93\x04\x51'
            b'\xC9\xEC\xD9\x4F\x5B\xB9\xDA\x17\xDD\x09\x38\x1B\xD2\x3B\xE4\x3E'
            b'\xCA\x8C\x75\x39\xF3\x01\xFC\x8A\x8C\xD5\xD5\x27\x4C\x3E\x76\x99'
            b'\xDB\xDC\x71\x1C\x97\xA7\xAA\x91\xE2\xC5\x0A\x82\xBD\x0B\x10\x34'
            b'\xF0\xDF\x49\x3D\xEC\x16\x36\x24\x27\xE5\x8A\xCC\xE7\xF6\xCE\x0F'
            b'\x9B\xCC\x61\x7B\xBD\x8C\x90\xD0\x09\x4A\x27\x03\xBA\x0D\x09\xEB'
            b'\x19\xD1\x00\x5F\x2F\xB2\x65\x52\x6A\xAC\x75\xAF\x32\xF8\xBC\x78'
            b'\x2C\xDE\xD2\xA5\x7F\x81\x1E\x03\xEA\xF6\x7A\x94\x4D\xE5\xE7\x84'
            b'\x13\xDC\xA8\xF2\x32\xD0\x74\xE6\xDC\xEA\x4C\xEC\x9F\x02\x03\x01'
            b'\x00\x01')

        key_material = KeyMaterial(key_data)
        key_value = KeyValue(key_material)

        algorithm_value = CryptoAlgorithmEnum.RSA
        cryptographic_algorithm = CryptographicAlgorithm(algorithm_value)
        cryptographic_length = CryptographicLength(2048)

        key_block = KeyBlock(key_format_type=key_format_type,
                             key_compression_type=None,
                             key_value=key_value,
                             cryptographic_algorithm=cryptographic_algorithm,
                             cryptographic_length=cryptographic_length,
                             key_wrapping_data=None)
        pub_secret = PublicKey(key_block)

        pub_key_result = self.client.register(pub_key_object_type,
                                              public_template_attribute,
                                              pub_secret,
                                              credential=None)
        self._check_result_status(pub_key_result, ResultStatus,
                                  ResultStatus.SUCCESS)
        # Check that the returned key bytes match what was provided
        pub_uuid = pub_key_result.uuid.value
        pub_key_result = self.client.get(uuid=pub_uuid, credential=None)
        self._check_result_status(pub_key_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_object_type(pub_key_result.object_type.value, ObjectType,
                                ObjectType.PUBLIC_KEY)
        self._check_uuid(pub_key_result.uuid.value, str)

        # Check the secret type
        pub_secret = pub_key_result.secret
        pub_expected = PublicKey
        self.assertIsInstance(pub_secret, pub_expected)

        pub_key_block = pub_key_result.secret.key_block
        pub_key_value = pub_key_block.key_value
        pub_key_material = pub_key_value.key_material

        expected = key_data
        pub_observed = pub_key_material.value
        self.assertEqual(expected, pub_observed)

        self.logger.debug('Destroying key: ' + key_name + " Public" +
                          '\nWith " "UUID: ' + pub_key_result.uuid.value)
        pub_result = self.client.destroy(pub_key_result.uuid.value)

        self._check_result_status(pub_result, ResultStatus,
                                  ResultStatus.SUCCESS)
        self._check_uuid(pub_result.uuid.value, str)

        pub_key_destroyed_result = self.client.get(uuid=pub_uuid,
                                                   credential=None)
        self._check_result_status(pub_key_destroyed_result, ResultStatus,
                                  ResultStatus.OPERATION_FAILED)
        expected = ResultReason
        pub_observed = type(pub_key_destroyed_result.result_reason.value)

        self.assertEqual(expected, pub_observed)